The IBM® DS8000® series includes the option to replace the locally based user ID and password authentication with a centralized directory-based approach.

This IBM Redpaper publication helps DS8000 storage administrators understand the concepts and benefits of a centralized directory. It provides the information that is required for implementing a DS8000 authentication mechanism that is based on the Lightweight Directory Access Protocol (LDAP).

Starting with DS8000 Release 9.1 code, a simpler, native LDAP authentication method is supported along with the former implementation that relies on IBM Copy Services Manager (CSM) acting as a proxy between the DS8000 and external LDAP servers.

Note that examples and operations shown in this Redpaper refer to the DS8000 R9.1 SP1, code release bundle 89.11.33.0.

Table of Contents

  1. Front cover
  2. Notices
    1. Trademarks
  3. Preface
    1. Authors
    2. Now you can become a published author, too!
    3. Comments welcome
    4. Stay connected to IBM Redbooks
  4. Chapter 1. IBM DS8000 user authentication
    1. 1.1 Introduction to the DS8000 user authentication
    2. 1.2 Storage Authentication Service by using CSM as an LDAP proxy
    3. 1.3 Remote authentication by using the native implementation
    4. 1.4 Benefits of using remote authentication for a DS8000 system
    5. 1.5 Determining the remote authentication solution
  5. Chapter 2. Lightweight Directory Access Protocol for IBM DS8000 administrators
    1. 2.1 Directory services and LDAP
    2. 2.2 Basic LDAP and directory services terms explained
    3. 2.2.1 Directory entry
    4. 2.2.2 Groups
    5. 2.2.3 The directory structure
    6. 2.2.4 LDAP filter
    7. 2.3 LDAP binding and authentication
    8. 2.3.1 Simple bind
    9. 2.3.2 Anonymous bind
    10. 2.3.3 Direct bind and authentication
  6. Chapter 3. IBM DS8000 user management
    1. 3.1 DS8000 basic user management and access
    2. 3.1.1 Users and roles
    3. 3.1.2 Basic user management
    4. 3.2 Customized user roles and considerations
    5. 3.2.1 Creating a customized user role by using the DS GUI
    6. 3.2.2 LDAP considerations with customized user roles
    7. 3.3 Planning for LDAP user groups and mappings
    8. 3.3.1 Local administrator user ID considerations with LDAP
    9. 3.3.2 Security administrator mapping considerations
    10. 3.3.3 Users and user groups on a remote authentication server
  7. Chapter 4. IBM DS8000 GUI implementation
    1. 4.1 Configuring remote authentication by using the GUI
    2. 4.1.1 Starting the wizard
    3. 4.1.2 Remote Authentication type
    4. 4.1.3 LDAP server type
    5. 4.1.4 LDAP Servers access
    6. 4.1.5 Configuring the access mode
    7. 4.1.6 Configure Lookup Method
    8. 4.1.7 Enable Local Administrator window
    9. 4.1.8 Authentication mapping
    10. 4.1.9 Special consideration for secadmin users
    11. 4.1.10 Administrator verification
    12. 4.2 Modifying an existing configuration
    13. 4.2.1 Changing the user mappings
    14. 4.2.2 Changing the LDAP server configuration
    15. 4.3 Enabling local authentication
    16. 4.4 Exporting and importing the configuration
    17. 4.4.1 Exporting the configuration
    18. 4.4.2 Importing the configuration
  8. Chapter 5. Implementing LDAP by using the DS Command-Line Interface
    1. 5.1 Overview
    2. 5.2 Creating a truststore for a secure LDAP connection
    3. 5.3 Creating a remote authentication policy
    4. 5.4 Testing and activating a remote authentication policy
    5. 5.5 Managing remote authentication policies by using the DS CLI
    6. 5.6 Special considerations for security administrators
    7. 5.7 Special considerations for resource groups
  9. Chapter 6. Implementing LDAP with directory services
    1. 6.1 OpenLDAP
    2. 6.1.1 Overlays
    3. 6.1.2 Group definition
    4. 6.2 Microsoft Active Directory
    5. 6.2.1 Binding
    6. 6.2.2 Nested group support
    7. 6.3 IBM Security Directory Server
    8. 6.3.1 Binding
    9. 6.3.2 Nested group support
  10. Chapter 7. IBM Resource Access Control Facility
    1. 7.1 Configuring secure communication between the LDAP server and a client on a DS8900F system
    2. 7.2 LDAP search base
    3. 7.3 RACF user and group considerations
    4. 7.3.1 RACF user definitions
    5. 7.3.2 RACF group definitions
    6. 7.4 LDAP authentication
    7. 7.4.1 Simple binding
    8. 7.4.2 Direct binding
    9. 7.5 LDAP lookup considerations
    10. 7.6 Authentication mappings
    11. 7.7 RACF multi-factor authentication
  11. Chapter 8. Migrating from IBM Copy Services Manager based LDAP authentication to native LDAP authentication
    1. 8.1 The migration scenario
    2. 8.2 Required information for the migration
    3. 8.2.1 Gathering the data from the DS8900F system
    4. 8.2.2 Gathering the CSM LDAP configuration details
    5. 8.3 Starting the migration
    6. 8.3.1 Changing the authentication to local authentication on the DS8900 system
    7. 8.3.2 Restarting the HMCs
    8. 8.3.3 Configuring the native LDAP authentication
  12. Chapter 9. Implementing LDAP through IBM Copy Services Manager
    1. 9.1 Architecture for remote authentication through CSM
    2. 9.2 Differences between embedded and external CSM
    3. 9.2.1 Communication and IP ports to use
    4. 9.2.2 Certificates to use for building the truststore
    5. 9.3 Creating a truststore
    6. 9.3.1 Obtaining the truststore files for external CSM servers
    7. 9.3.2 Creating the truststore files for an embedded CSM server
    8. 9.4 Configuring the CSM servers for LDAP authentication
    9. 9.4.1 Configuring LDAP by using the CSM GUI
    10. 9.4.2 Configuring LDAP by using the CSM command line
    11. 9.5 Configuring the DS8000 system for LDAP authentication
    12. 9.5.1 Using the DS Storage Manager GUI
    13. 9.5.2 Configuring DS8000 LDAP authentication by using the DS CLI
    14. 9.6 Mapping LDAP users and groups to the DS8000 Security Administrator role
  13. Appendix A. LDAP planning worksheet
    1. Choosing an LDAP implementation
    2. Native LDAP
    3. Configuring LDAP by using CSM
    4. Enabling a local administrator
    5. Configuring authentication mappings
  14. Appendix B. Troubleshooting
    1. Troubleshooting by using ldapsearch
    2. Troubleshooting by using dsquery
  15. Appendix C. Exporting secure certificates by using the Google Chrome and Microsoft Edge web browsers
    1. Exporting a certificate on Microsoft Edge
    2. Exporting a certificate on Google Chrome
  16. Related publications
    1. IBM Redbooks
    2. Online resources
    3. Help from IBM
  17. Back cover